Hackers may soon able to decode what you are typing on your device






The technology advancement in smartphones may soon enable hackers to intercept what the user is typing on their devices by analyzing the sound of the keypad.

The researchers at Cambridge University and Sweden’s Linkoping University were able to extract passwords by deciphering the sound waves generated by fingers tapping on smartphone’s touch screens.

‘When a user enters text on the device’s touchscreen, the taps generate a sound wave. The device’s microphones can recover the tap and correlate it with the keystroke entered by a victim.’

According to the study, using a spying app, a malicious actor can decode what a person is typing. The study was first reported by the Wall Street Journal. “We showed that the attack can successfully recover PIN codes, individual letters, and whole words,” the researchers wrote.


‘The spying app may have been installed by the victim herself, or by someone else, or perhaps the attacker gave the device to the victim with the app pre-installed – there are several companies offering such services, such as mSpy. We also assume the app has microphone access. Many apps ask for this permission and most of us blindly accept the list of demanded permissions anyway.’

The researchers programmed a machine-learning algorithm that could detect and analyze the soundwave for specific keystrokes. On Smartphone, the researchers were able to correctly replicate the passwords seven times out of 27, within 10 attempts. While on tablets, they achieved better results, replicating for password 19 times out of 27 within 10 attempts.

“We found the device’s microphone(s) can recover this wave and ‘hear’ the finger’s touch, and the wave’s distortions are characteristic of the tap’s location on the screen,” the researchers wrote. “Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device.”



Hacker Puts Up For Sale the Data of Six Companies, Totalling 26.42 Million User Records



Gnosticplayers, a hacker who already is for the most part known for putting up for sale more than 840 million user records in the previous month has yet again made an appearance and has returned with a fourth round of hacked data that he's selling on a dark web marketplace.

Ever since February 11 the hacker has set available for sale, data for 32 companies in three rounds on Dream Market, a dark web marketplace. This time, Gnosticplayers is more focused on the information of six companies, totalling 26.42 million user records, for which he's asking 1.2431 bitcoin which is approximately $4,940.

The difference between this Round 4 and the past three rounds is that five of the six databases Gnosticplayers set available for sale were gained amid hacks that have occurred a month ago, i.e. in February 2019. What's more, it merits referencing that a large number of the companies whose data Gnosticplayers has sold in the past three rounds have already affirmed breaches.

The six new companies targeted this time are , namely game dev. platform GameSalad, Brazilian book store Estante Virtual, online task manager and scheduling applications Coubic and LifeBear, Indonesia e-commerce giant Bukalapak, and Indonesian  student career site YouthManual.


"I got upset because I feel no one is learning,” the hacker said in an online chat "I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry."

He says that he set up the data for sale essentially in light of the fact that these companies had neglected to ensure their passwords with solid encryption algorithms like bcrypt.

Albeit simply the last month the hacker said that he needed to hack and put up for sale more than one billion records and after that retire and vanish with the cash. But in a recent conversation, he says this is not his objective any longer, as he discovered that various other hackers have already just accomplished the similar objective before him.

Gnosticplayers likewise revealed that not every one of the information he acquired from hacked companies had been put on sale. A few companies surrendered to extortion demands and paid expenses so that the breaches would stay private.